December 26, 2013
Cryptolocker Malware Holding Up To 250,000 Computers Ransom
Peter Suciu for redOrbit.com – Your Universe Online
The Cryptolocker malware, which was first reported back in September, could be holding as many as 250,000 computer users as digital hostages. The virus has been infecting PCs around the world and effectively holds the files within it for ransom.To access the files locked by the ransomware, PC owners are asked to pay $300 to $700 to the criminals who run and control the virus. Cryptolocker has been mainly aimed at individual PCs rather than those located on networks, and it is usually spread via email through messages sent from an account claiming to be customer support for a delivery service such as DHS, FedEx or UPS, but it could arrive in other forms – including payroll requests, court summons or other emails that ask a user to open an attachment. These attached files are disguised as a PDF, but it is actually malware, which then hijacks the machine and holds the content for ransom.
The BBC reported on Thursday that Dell SecureWorks said the United States and United Kingdom have been worst affected. The United States accounted for 23.8 percent of total known infections of the malware, while the UK followed with 19 percent. Australia (12.9 percent), France (5.8 percent) and Brazil (4.8 percent) rounded out the top five most known infected nations. Italy, Turkey, Spain, China and Canada were also in the top 10.
The security firm found cyber criminals are mainly targeting individual and home Internet users after initially targeting professionals.
“In mid-September 2013, the Dell SecureWorks CTU(TM) research team observed a new ransomware malware family called CryptoLocker. Ransomware malware such as Reveton, Urausy, Tobfy, and Kovter has cost consumers considerable time and money over the past several years. Ransomware prevents victims from using their computer normally (eg, by locking the screen) and uses social engineering to convince victims that failing to follow the malware authors' instructions will lead to real-world consequences,” Dell SecureWorks posted on its website last week.
“These consequences, such as owing a fine or facing arrest and prosecution, are presented as being the result of a fabricated indiscretion like pirating music or downloading illegal pornography. Victims of these traditional forms of ransomware could ignore the demands and use security software to unlock the system and remove the offending malware. CryptoLocker changes this dynamic by aggressively encrypting files on the victim's system and returning control of the files to the victim only after the ransom is paid.”
Security experts have warned those infected with the virus not to pay the ransom, as it could only prove that this is a successful – albeit nefarious – business model.
“If even a few victims pay then the cybercriminals will think they have got a viable business model and keep infecting people and asking for ransoms. If nobody pays, they will stop these campaigns,” Dmitri Bestuzhev, a Kaspersky spokesperson told The Guardian newspapers in October.
Dell SecureWorks has suggested several steps that affected individuals should take instead to protect their computers and its data. This includes installation of software that blocks executable fields and compressed archives before these reach email boxes, check permissions assigned to shared network drives to limit the number of people who make any modifications, and regularly back-up data to offline storage including optical discs or network attached drives and cloud storage.
In addition, each PC’s software management tools should be set to prevent malware such as Cryptolocker and other suspect programs from accessing certain critical directories. Users should also set their computer’s Group Policy Objects to restrict registry keys – including databases containing settings – that could be used by malware such as Cryptolocker. By doing this last set, it makes it difficult for the malware to begin the encryption process.